Israeli IT Expert Identifies Gmail Flaw, Prevents Hackers From Capturing Email Addresses
by Joshua Levitt
Israeli computer expert Oren Hafif was featured this week in Wired Magazine and the Daily Mail for helping to save users of Google’s Gmail program from being exposed to hackers.
On his blog, Hafif explained how a sharing feature of Gmail allows a user to ‘delegate’ access to their account.
By adjusting the web address, Hafif found it was possible to reveal other users’ email addresses. By automating the character changes with a software program called DirBuster, he was able to collect 37,000 Gmail addresses in two hours.
Hafif said the flaw could have left users vulnerable to spam, phishing or password-guessing attacks, but it would not have exposed their passwords.
Hafif, a Tel Aviv-based penetration tester for security firm Trustwave, said it took Google another month after his report to fix the bug. He was paid $500 for the tip.